The government sector is at the mercy of ransomware attackers as the second quarter of 2022 witnessed some devastating attacks against multiple departments. According to researchers from Cyble, a total of 48 government organizations across 21 countries have been affected by 13 different ransomware gangs from the beginning of this year. Here’s a glance at some significant attacks.

Costa Rica declares a national emergency

  • One of the prominent attacks was observed against Costa Rica, which ultimately forced the government to declare a national emergency. 
  • The attack was launched by the Conti ransomware group in April which crippled the state’s economy and disrupted public systems. 
  • The attack had affected 27 government departments in Costa Rica, out of which the Ministry of Finance and its two portals were the worst affected. As a result, this caused delays in the disbursement of pensions, salaries, subsidies, and tax collection. 

Latin America is also in the crosshairs

  • In Latin America, the government organizations in Brazil were the most targeted by ransomware groups. 
  • Several government organizations in Peru were also targeted in three different incidents by Conti, Blackbyte, and Everest ransomware groups. 
  • While Conti claimed attacks on Peru’s National Directorate of Intelligence on April 28, the Everest ransomware gang targeted the networks of the Ministry of Economy and Finance on May 24. 
  • The Blackbyte ransomware gang had accessed the public query platform for the Peruvian government and compromised over 10 GB of data on May 23.

Other notable incidents observed

  • Several instances of threat actors selling sensitive data exfiltrated from different ministries and government organizations on underground forums were also observed by Cyble researchers.
  • In one such incident, an attacker had dumped email archives and data stolen from the Ministry of Energy & Natural Resources, the Federal Court of Malaysia, and the Department of Management Services under the Malaysian Ministry of Personnel & Organizational Development.
  • In another instance, a threat actor was selling unauthorized network access to the National Bank of Angola. 
  • Similarly, another threat actor had advertised personal data stolen from the Civil Service Commission of the Republic of the Philippines on dark web forums.


Ransomware gangs targeting government establishments for monetary returns are not a new phenomenon. It is imperative for nations to develop and improve their threat detection and response capabilities. They also need to have systems in place to foil and respond to them swiftly and effectively.

Cyware Publisher